Effectively Respond to Your Business Risks and Evaluate Residual Risk Levels
- by Frank Rambo, PhD, Director, Customer Solution Adoption (CSA), EMEA
- February 10, 2011
Examine the fourth phase of the enterprise risk management (ERM) process: risk response allocation. See how in SAP BusinessObjects Risk Management you can distinguish between various response types and involve response owners in a collaborative process to increase accountability for response implementation. In addition to assessing response completeness and effectiveness, you can conduct a residual risk analysis employing quantitative and qualitative methods. Also learn the key integration points between SAP BusinessObjects Process Control and SAP BusinessObjects Risk Management, seeing how process controls can align with risk response.
The initial analysis of a given risk event regarding the probability for its occurrence and impact to your business is followed by the implementation of appropriate risk responses to mitigate the risk down to an acceptable residual risk level. Risk responses aim to reduce probability or impact of the risk event and may focus on risk prevention or on risk recovery. Risk responses can only take their planned effect if they are completely implemented and perfectly effective. For this reason the evaluation of the actual residual risk level requires, in addition to your estimates for probability and impact reduction of each one of your risk responses, the consideration of their completeness and effectiveness.
The enterprise risk management process is comprised of five phases: risk planning, risk identification, risk analysis, risk response, and risk monitoring. During risk planning, all required master data structures are set up in SAP BusinessObjects Risk Management 3.0. This includes an organization hierarchy, hierarchies for your business activities such as business processes and projects, a hierarchy for your business objectives, and a risk classification schema. The risk identification phase focuses on a collaborative process for documenting all relevant aspects of risks that are threatening your business activities and strategic objectives in the different parts of your organization. The initial risk analysis examines inherent risks with no responses for risk mitigation that are taken into account.
As a result of the initial analysis, you identify your top business risks that need your particular attention during risk response planning and implementation. Within SAP BusinessObjects Risk Management, you document as risk responses your strategies and action plans to prevent or recover from risk events and reduce the inherent risk levels. This includes assigning response owners to ensure accountability for response implementation and documenting the costs for cost management.
Would you like to see this full item?